Dilemma: Should I learn Seaside or a Python framework?
I know it's kinda subjective but, if you were to put yourself in my shoes which would you invest the time in learning?
I want to write a web app which deals securely with relatively modest amounts of people's private data, a few thousand records of a few Kb each but stuff that needs to be kept safe, addresses, phone numbers etc. I've done several web projects in PHP/MYSQL and have decided, handy though it is, I really don't like PHP and don't want to do another large project in it...
As such I figure I'd best learn something new and so I am considering 2 options (although I'll happily entertain others if you have suggestions). I'm having terrible trouble deciding though. They both look quite involved so rather than just jump in and potentially waste days getting up to speed enough on both of them to make an informed choice I thought I'd come here and canvass some opinion.
So the two options I'm considering are...
One of the PYTHON Web frameworks - TurboGears seems well regarded?
Advantage: Of all the languages I ever tried Python is by far and away my favorite. There's loads of frameworks to choose from and I have done quite a lot of non web python coding over the last few years.
Disadvantage: There's loads to choose from so it's hard to pick! Need to run single server process? or mod_python? which I don't like the sound of. What I do like is the notion of process separation and compartmentalization, i.e. if one user's account is compromised it gives an attacker no leverage against the rest of the system. I'm not clear to what extent a Python solution would handle that.
Writing it as a SEASIDE app Which I guess runs on a squeak app server?
Adv: From what I've heard it would permit good compartmentalization of users as each would have their own little private VM independent of all the system's other users which sounds wonderful from a security, scaling and redundancy standpoint.
Dis: I've not done any Smalltalk since Uni 15 years back and I never dug too deep into it then. I don't see much entry level help for Seaside or that many projects using it. I suspect setting a server up to run it is hard for the same reason i.e. not because it's inherently hard but just cause there will be less help online and a presumption you are already rather au fait with Squeak/Smalltalk.
So, what do people think? Would I be able to efficiently get the kind of strong separation and compartmentalization I'm after with a Python framework? Is Seaside as good as I think in terms of insulating users from each other? Might I be better off, security wise, sticking to the languages I'm most familiar with so I don't make any n00b mistakes or will Seaside be worth scaling the learning curve and prove more secure, comprehensible and maintainable in the long run? At the end of the day it's not a life or death decision and I can always bail if I start with one and then hate it so pls nobody get all holy language war and start flaming anyone! ;-)
Cheers for any replies this gets,
Roger :)
Disclaimer: I really don't like PHP, Python is nice, but doesn't come close to Smalltalk in my book. But I am a biased Smalltalker. Some answers about Seaside/Squeak:
Q: Which I guess runs on a squeak app server?
Seaside runs in several different Smalltalks (VW, Gemstone, Squeak etc). The term "app server" is not really used in Smalltalk country. :)
Q: From what I've heard it would permit good compartmentalization of users as each would have their own little private VM independent of all the system's other users which sounds wonderful from a security, scaling and redundancy standpoint.
Yes, each user has its own WASession and all UI components the user sees are instances living on the server side in that session. So sharing of state between sessions is something you must do explicitly, typically through a db.
Q: I've not done any Smalltalk since Uni 15 years back and I never dug too deep into it then. I don't see much entry level help for seaside or that many projects using it.
Smalltalk is easy to get going with and there is a whole free online book on Seaside.
Q: I suspect setting a server up to run it is hard for the same reason i.e. not because it's inherently hard but just cause there will be less help online and a presumption you are already rather au fait with Squeak/Smalltalk.
No, not hard. :) In fact, quite trivial. Tons of help - Seaside ml, IRC on freenode, etc.
Q: Is Seaside as good as I think in terms of insulating users from each other?
I would say so.
Q: Might I be better off, security wise, sticking to the languages I'm most familiar with so I don't make any n00b mistakes or will Seaside be worth scaling the learning curve and prove more secure, comprehensible and maintainable in the long run?
The killer argument in favor of Seaside IMHO is the true component model. It really, really makes it wonderful for complex UIs and maintenance. If you are afraid of learning "something different" (but then you wouldn't even consider it in the first place I guess) then I would warn you. But if you are not afraid then you will probably love it.
Also - Squeak (or VW) is a truly awesome development environment - debugging live Seaside sessions, changing code in the debugger and resuming etc etc. It rocks.
Forget about mod_python, there is WSGI.
I'd recommend Django. It runs on any WSGI server, there are a lot to choose from. There is mod_wsgi for Apache, wsgiref - reference implementation included in Python and many more. Also Google App Engine is WSGI, and includes Django.
Django is very popular and its community is rapidly growing.
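An added example, not part of any answer on this page: in a single-process WSGI deployment, separation between users is logical rather than process-level, so it rests on server-side session state and a per-record owner check. The sketch below uses only the standard library (`wsgiref`, mentioned above); the record store, the `sid` cookie name and the `login`/`fetch` helpers are assumptions made for illustration, and authentication itself is out of scope.

```python
import secrets
from http.cookies import SimpleCookie
from wsgiref.util import setup_testing_defaults

# Constructed sample data: every record carries its owner.
RECORDS = {
    1: {"owner": "alice", "phone": "555-0100"},
    2: {"owner": "bob", "phone": "555-0199"},
}
SESSIONS = {}  # session token -> per-session state, held server-side only


def login(user):
    """Create an isolated server-side session (hypothetical helper)."""
    token = secrets.token_urlsafe(32)  # unguessable session identifier
    SESSIONS[token] = {"user": user}
    return token


def app(environ, start_response):
    """WSGI app that serves /records/<id> only to the record's owner."""
    morsel = SimpleCookie(environ.get("HTTP_COOKIE", "")).get("sid")
    session = SESSIONS.get(morsel.value) if morsel else None
    if session is None:
        status, body = "401 Unauthorized", b"login required"
    else:
        try:
            record = RECORDS.get(int(environ["PATH_INFO"].rsplit("/", 1)[-1]))
        except ValueError:
            record = None
        # Same answer for "missing" and "not yours", so ids cannot be probed.
        if record is None or record["owner"] != session["user"]:
            status, body = "404 Not Found", b"not found"
        else:
            status, body = "200 OK", record["phone"].encode()
    start_response(status, [("Content-Type", "text/plain")])
    return [body]


def fetch(path, token=None):
    """Call the app in-process with a constructed request: (status, body)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    if token:
        environ["HTTP_COOKIE"] = "sid=" + token
    seen = {}
    body = b"".join(app(environ, lambda s, h: seen.update(status=s)))
    return seen["status"], body
```

A compromised or curious session for one user gets the same `404` for another user's record as for a record that does not exist; everything still shares one process, so a flaw in the app or the server itself is not contained by this check.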
I'd say take a look at Django. It's a Python framework with a ready-made authentication system that's independent of the hosting OS, which means that compromises are limited to the app that was compromised (barring some exploit against the web server hosting the Python process).
I've been getting into seaside myself but in many ways it is very hard to get started, which has nothing to do with the smalltalk which can be picked up extremely quickly. The challenge is that you are really protected from writing html directly.
I find in most frameworks when you get stuck on how to do something there is always a workaround of solving it by using the template. You may later discover that this solution causes problems with clarity down the road and there is in fact a better solution built into the framework but you were able to move on from that problem until you learned the right way to do it.
Seaside doesn't have templates so you don't get that crutch. No problems have permanently stumped me but some have taken me longer to solve than I would have liked. The flip side of this is you end up learning the seaside methodology much quicker because you can't cheat.
If you decide to go the seaside route don't be afraid to post to the seaside mailing list at squeakfoundation.org. I found it intimidating at first because you don't see a lot of beginner questions there due to the low traffic but people are willing to help beginners there.
Also there are a handful of seaside developers who monitor stackoverflow regularly. Good luck.
Have you taken a look at www.nagare.org ?
A framework particularly for web apps rather than web sites.
It is based around the Seaside concepts but you program in Python (nagare deploys a distribution of python called Stackless Python to get the continuations working).
Like Seaside it will auto generate HTML, but additionally can use templates as required.
It has been recently open sourced by http://www.net-ng.com/ who themselves have many years experience in delivering web apps/sites in quality web frameworks like zope and plone.
I am researching it myself at the moment to see if it fits my needs, so can't tell you what I think of it in the wild. If you take a look, please give your feedback.
While considering a Smalltalk web framework, look at Aida/Web as well. Aida has built-in security with user/group/role management and strong access control, which can help you a lot in your case. That way you can achieve safe enough separation of users at the user level in one image. But if you really want, you can separate them by running many images as well. But this brings increased maintenance and I'd think twice if it is worth it.
I'm toying with Seaside myself and found this tutorial to be invaluable in gaining insight into the capabilities of the framework.
I think you've pretty much summed up the pros and cons. Seaside isn't that hard to set up (I've installed it twice for various projects) but using it will definitely affect how you work--in addition to re-learning the language you'll probably have to adjust lots of assumptions about your work flow.
It also depends on two other factors
There is now an online book on Seaside to complete the tutorial pointed out earlier.